Downloads: 113
Stars: 0
Active Installs: 0
Versions: 1
Install in OpenClaw
/install slowmist-security-cc
Description
SlowMist AI Agent Security Review — comprehensive security framework for skills, repositories, URLs, on-chain addresses, and products (Claude Code version)
Usage Guidance
This skill appears to be a genuine security-review framework and is mostly self-contained (markdown guidance only). Before installing or enabling it:
1) Confirm you are comfortable with the skill reading/writing in your agent's ~/.claude directories (it recommends writing logs and reading CLAUDE.md / memory files); if not, run it in a sandboxed agent or deny filesystem access.
2) If you intend to use on-chain AML features (MistTrack/Dune), expect to provide API keys; verify where those keys would be used and do not supply unrelated credentials.
3) Because the skill can record persistent audit logs, review the exact log location and content format so sensitive data isn't stored unintentionally.
4) Keep the 'human approval' requirement for HIGH/REJECT findings; do not allow unattended autonomous actions for sensitive operations.
If you want a safer test, run the skill in a restricted environment, inspect any created log files, and only then allow broader access.
Capability Analysis
Type: OpenClaw Skill
Name: slowmist-security-cc
Version: 1.0.0
The bundle is a comprehensive security review framework (SlowMist Security Review) designed to guide an AI agent in auditing external inputs like skills, repositories, URLs, and blockchain addresses. It consists entirely of defensive instructions, checklists, and pattern libraries (e.g., red-flags.md, social-engineering.md) aimed at identifying malicious behavior in other software. There is no evidence of malicious intent, data exfiltration, or unauthorized execution; the framework is transparently documented and aligns perfectly with its stated purpose of enhancing agent security.
Capability Assessment
Purpose & Capability
Name/description match the actual content: the SKILL.md and the reference documents implement a security-review framework for repos, skills, URLs, on‑chain addresses and products. No unexpected binaries or credentials are requested. One mismatch: the instructions repeatedly reference agent-local paths (e.g., ~/.claude/, CLAUDE.md, memory logs) and logging to ~/.claude/projects/... — these filesystem interactions are plausible for a review tool but are not declared in the skill's metadata as required config paths.
Instruction Scope
Instructions stay within the stated purpose (routing different review types, scanning code blocks, red-flag patterns, requiring human approval for HIGH/REJECT). However, multiple reference docs instruct the agent to read agent config and memory files (CLAUDE.md, ~/.claude settings, memory files) and to append audit logs to agent memory paths. Reading agent identity/memory is highly sensitive; while it can be justified for an audit, the skill does not declare or warn explicitly that it will access these sensitive files, nor does metadata request permission scopes/paths.
Install Mechanism
Instruction-only skill with no install spec and no code to download or execute. This is low-risk from an install mechanism perspective; nothing is written to disk by an installer step in the package itself.
Credentials
The skill declares no required environment variables and no primary credential, which is consistent with an instruction-only audit framework. References mention optional integrations (MistTrack API, Dune MCP) for AML scoring; those would require credentials if used, but the skill does not declare them. If you plan to use AML features, expect to supply API keys/credentials outside the skill metadata.
Persistence & Privilege
The framework recommends writing audit logs to ~/.claude/projects/<project>/memory/slowmist-security-log.md and references agent config paths. That creates persistent artifacts in the agent's directories. This is not inherently malicious, but it is persistent and touches agent-local state — the skill metadata does not declare required config paths or mention persistent log creation explicitly.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install slowmist-security-cc
- After installation, invoke the skill by name or use /slowmist-security-cc
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of SlowMist AI Agent Security Review for Claude Code.
- Provides a comprehensive security framework for reviewing skills, repositories, URLs, on-chain addresses, and products.
- Introduces clear quick-decision cards, 4-level risk ratings, and trust principles for all external inputs.
- Defines activation triggers and step-by-step security review processes for common scenarios.
- Includes reference guides for supply chain, social engineering, and code red flags.
- Supports review logging for traceability and memory across projects.
- Adapts all core framework features to the Claude Code platform.
Frequently Asked Questions
What is Slowmist Security Cc?
SlowMist AI Agent Security Review — comprehensive security framework for skills, repositories, URLs, on-chain addresses, and products (Claude Code version). It is an AI Agent Skill for Claude Code / OpenClaw, with 113 downloads so far.
How do I install Slowmist Security Cc?
Run "/install slowmist-security-cc" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Slowmist Security Cc free?
Yes, Slowmist Security Cc is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Slowmist Security Cc support?
Slowmist Security Cc is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Slowmist Security Cc?
It is built and maintained by Jialin (@0xcjl); the current version is v1.0.0.